diff --git a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
index 1bb9ee3..af46f2b 100644
--- a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
+++ b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
@@ -16,7 +16,7 @@ index 44850a9..b6927d0 100644
// Define the maximum debug and assert message length that this library supports
//
-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
-+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
++#define MAX_DEBUG_MESSAGE_LENGTH 0x200
/**
This constructor function does not have to do anything.
diff --git a/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch b/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch
new file mode 100644
index 0000000..308fddb
--- /dev/null
+++ b/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch
@@ -0,0 +1,73 @@
+From: Ruiyu Ni <ruiyu.ni@intel.com>
+Subject: [PATCH] MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource
+Date: Thu, 16 Nov 2017 18:15:14 +0100
+
+The bug was caused by 728d74973c9262b6c7b7ef4be213223d55affec3
+"MdeModulePkg/PciBus: Count multiple hotplug resource paddings".
+
+The patch firstly updated the Bridge->Alignment to the maximum
+alignment of all devices under the bridge, then aligned the
+Bridge->Length to Bridge->Alignment.
+It caused too much resources were claimed.
+
+The new patch firstly aligns Bridge->Length to Bridge->Alignment,
+then updates the Bridge->Alignment to the maximum alignment of all
+devices under the bridge.
+Because the step to update the Bridge->Alignment is to make sure
+the resource allocated to the bus under the Bridge meets all
+devices alignment. But the Bridge->Length doesn't have to align
+to the maximum alignment.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
+Reviewed-by: Eric Dong <eric.dong@intel.com>
+(cherry picked from commit 6e3287442774c1a4bc83f127694700eeb07c18dc)
+---
+ MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c | 24 ++++++++++----------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
+index 8dbe9a00380f..2f713fcee95e 100644
+--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
++++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
+@@ -389,18 +389,7 @@ CalculateResourceAperture (
+ }
+
+ //
+- // Adjust the bridge's alignment to the MAX (first) alignment of all children.
+- //
+- CurrentLink = Bridge->ChildList.ForwardLink;
+- if (CurrentLink != &Bridge->ChildList) {
+- Node = RESOURCE_NODE_FROM_LINK (CurrentLink);
+- if (Node->Alignment > Bridge->Alignment) {
+- Bridge->Alignment = Node->Alignment;
+- }
+- }
+-
+- //
+- // At last, adjust the aperture with the bridge's alignment
++ // Adjust the aperture with the bridge's alignment
+ //
+ Aperture[PciResUsageTypical] = ALIGN_VALUE (Aperture[PciResUsageTypical], Bridge->Alignment + 1);
+ Aperture[PciResUsagePadding] = ALIGN_VALUE (Aperture[PciResUsagePadding], Bridge->Alignment + 1);
+@@ -410,6 +399,17 @@ CalculateResourceAperture (
+ // Use the larger one between the padding resource and actual occupied resource.
+ //
+ Bridge->Length = MAX (Aperture[PciResUsageTypical], Aperture[PciResUsagePadding]);
++
++ //
++ // Adjust the bridge's alignment to the MAX (first) alignment of all children.
++ //
++ CurrentLink = Bridge->ChildList.ForwardLink;
++ if (CurrentLink != &Bridge->ChildList) {
++ Node = RESOURCE_NODE_FROM_LINK (CurrentLink);
++ if (Node->Alignment > Bridge->Alignment) {
++ Bridge->Alignment = Node->Alignment;
++ }
++ }
+ }
+
+ /**
+--
+2.14.1.3.gb7cf6e02401b
+
diff --git a/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch b/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch
new file mode 100644
index 0000000..0a9a1ba
--- /dev/null
+++ b/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch
@@ -0,0 +1,34 @@
+From: Ruiyu Ni <ruiyu.ni@intel.com>
+Subject: [PATCH] MdeModulePkg/Bds: Remove assertion in BmCharToUint
+Date: Thu, 16 Nov 2017 18:04:42 +0100
+
+BmCharToUint() could be called using external data and it
+already contains logic to return -1 when data is invalid,
+so removing unnecessary assertion to avoid system hang.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Star Zeng <star.zeng@intel.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+(cherry picked from commit 618ef6f9bae14e1543d61993ab7ab8992063e4cc)
+---
+ MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
+index 11ab86792a52..a3fa25424592 100644
+--- a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
++++ b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
+@@ -420,7 +420,6 @@ BmCharToUint (
+ return (Char - L'A' + 0xA);
+ }
+
+- ASSERT (FALSE);
+ return (UINTN) -1;
+ }
+
+--
+2.14.1.3.gb7cf6e02401b
+
+
diff --git a/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch b/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch
new file mode 100644
index 0000000..231a96e
--- /dev/null
+++ b/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch
@@ -0,0 +1,105 @@
+From: Ruiyu Ni <ruiyu.ni@intel.com>
+Subject: [PATCH] MdeModulePkg/Bds: Check variable name even *if* OptionNumber is NULL
+Date: Thu, 16 Nov 2017 18:04:43 +0100
+
+Current implementation skips to check whether the last four
+characters are digits when the OptionNumber is NULL.
+Even worse, it may incorrectly return FALSE when OptionNumber is
+NULL.
+
+The patch fixes it to always check the variable name even
+OptionNumber is NULL.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 5e6e2dcc380dcd841f6f979fea8c302c80a87ec3)
+---
+ MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c | 45 +++++++++++++-------
+ 1 file changed, 30 insertions(+), 15 deletions(-)
+
+diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
+index b0a35058d02b..32918caf324c 100644
+--- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
++++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
+@@ -785,6 +785,8 @@ EfiBootManagerIsValidLoadOptionVariableName (
+ UINTN VariableNameLen;
+ UINTN Index;
+ UINTN Uint;
++ EFI_BOOT_MANAGER_LOAD_OPTION_TYPE LocalOptionType;
++ UINT16 LocalOptionNumber;
+
+ if (VariableName == NULL) {
+ return FALSE;
+@@ -792,39 +794,52 @@ EfiBootManagerIsValidLoadOptionVariableName (
+
+ VariableNameLen = StrLen (VariableName);
+
++ //
++ // Return FALSE when the variable name length is too small.
++ //
+ if (VariableNameLen <= 4) {
+ return FALSE;
+ }
+
+- for (Index = 0; Index < ARRAY_SIZE (mBmLoadOptionName); Index++) {
+- if ((VariableNameLen - 4 == StrLen (mBmLoadOptionName[Index])) &&
+- (StrnCmp (VariableName, mBmLoadOptionName[Index], VariableNameLen - 4) == 0)
++ //
++ // Return FALSE when the variable name doesn't start with Driver/SysPrep/Boot/PlatformRecovery.
++ //
++ for (LocalOptionType = 0; LocalOptionType < ARRAY_SIZE (mBmLoadOptionName); LocalOptionType++) {
++ if ((VariableNameLen - 4 == StrLen (mBmLoadOptionName[LocalOptionType])) &&
++ (StrnCmp (VariableName, mBmLoadOptionName[LocalOptionType], VariableNameLen - 4) == 0)
+ ) {
+ break;
+ }
+ }
++ if (LocalOptionType == ARRAY_SIZE (mBmLoadOptionName)) {
++ return FALSE;
++ }
+
+- if (Index == ARRAY_SIZE (mBmLoadOptionName)) {
++ //
++ // Return FALSE when the last four characters are not hex digits.
++ //
++ LocalOptionNumber = 0;
++ for (Index = VariableNameLen - 4; Index < VariableNameLen; Index++) {
++ Uint = BmCharToUint (VariableName[Index]);
++ if (Uint == -1) {
++ break;
++ } else {
++ LocalOptionNumber = (UINT16) Uint + LocalOptionNumber * 0x10;
++ }
++ }
++ if (Index != VariableNameLen) {
+ return FALSE;
+ }
+
+ if (OptionType != NULL) {
+- *OptionType = (EFI_BOOT_MANAGER_LOAD_OPTION_TYPE) Index;
++ *OptionType = LocalOptionType;
+ }
+
+ if (OptionNumber != NULL) {
+- *OptionNumber = 0;
+- for (Index = VariableNameLen - 4; Index < VariableNameLen; Index++) {
+- Uint = BmCharToUint (VariableName[Index]);
+- if (Uint == -1) {
+- break;
+- } else {
+- *OptionNumber = (UINT16) Uint + *OptionNumber * 0x10;
+- }
+- }
++ *OptionNumber = LocalOptionNumber;
+ }
+
+- return (BOOLEAN) (Index == VariableNameLen);
++ return TRUE;
+ }
+
+ /**
+--
+2.14.1.3.gb7cf6e02401b
+
diff --git a/0022-OvmfPkg-make-it-a-proper-BASE-library.patch b/0022-OvmfPkg-make-it-a-proper-BASE-library.patch
new file mode 100644
index 0000000..79f6284
--- /dev/null
+++ b/0022-OvmfPkg-make-it-a-proper-BASE-library.patch
@@ -0,0 +1,50 @@
+From d9edd0b560db7d32b8b93e82d7051d5cf58e9744 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 16 Nov 2017 20:52:57 +0100
+Subject: [PATCH 1/3] OvmfPkg: make it a proper BASE library
+
+Remove Uefi.h, which includes UefiSpec.h, and change the
+return value to match RETURN_STATUS.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Jordan Justen (Intel address) <jordan.l.justen@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+index 5435767c1c..74f4d9c2d6 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+@@ -15,7 +15,6 @@
+ **/
+
+ #include <Base.h>
+-#include <Uefi.h>
+ #include <Library/DebugLib.h>
+ #include <Library/BaseLib.h>
+ #include <Library/IoLib.h>
+@@ -32,7 +31,7 @@
+ /**
+ This constructor function does not have to do anything.
+
+- @retval EFI_SUCCESS The constructor always returns RETURN_SUCCESS.
++ @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS.
+
+ **/
+ RETURN_STATUS
+@@ -41,7 +40,7 @@ PlatformDebugLibIoPortConstructor (
+ VOID
+ )
+ {
+- return EFI_SUCCESS;
++ return RETURN_SUCCESS;
+ }
+
+ /**
+--
+2.14.3
+
diff --git a/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch b/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch
new file mode 100644
index 0000000..37dab9f
--- /dev/null
+++ b/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch
@@ -0,0 +1,254 @@
+From ba774b89b5a206c71a2ce0db8184747fac0f6af7 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 16 Nov 2017 10:33:29 +0100
+Subject: [PATCH 2/3] OvmfPkg: create a separate PlatformDebugLibIoPort
+ instance for SEC
+
+The next patch will want to add a global variable to
+PlatformDebugLibIoPort, but this is not suitable for the SEC
+phase, because SEC runs from read-only flash. The solution is
+to have two library instances, one for SEC and another
+for all other firmware phases. This patch adds the "plumbing"
+for the SEC library instance, separating the INF files and
+moving the constructor to a separate C source file.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Jordan Justen (Intel address) <jordan.l.justen@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ OvmfPkg/OvmfPkgIa32.dsc | 2 +-
+ OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
+ OvmfPkg/OvmfPkgX64.dsc | 2 +-
+ .../PlatformDebugLibIoPort.inf | 3 +-
+ .../PlatformRomDebugLibIoPort.inf | 52 ++++++++++++++++++++++
+ OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 15 -------
+ .../PlatformDebugLibIoPort/DebugLibDetect.c | 31 +++++++++++++
+ .../PlatformDebugLibIoPort/DebugLibDetectRom.c | 31 +++++++++++++
+ 8 files changed, 119 insertions(+), 19 deletions(-)
+ create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+ create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+ create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index c2f534fdbf..7ccb61147f 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -207,7 +207,7 @@ [LibraryClasses.common.SEC]
+ !ifdef $(DEBUG_ON_SERIAL_PORT)
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ !else
+- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
++ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+ !endif
+ ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+ ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 9f300a2e6f..237ec71b5e 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -212,7 +212,7 @@ [LibraryClasses.common.SEC]
+ !ifdef $(DEBUG_ON_SERIAL_PORT)
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ !else
+- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
++ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+ !endif
+ ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+ ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 1ffcf37f8b..a5047fa38e 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -212,7 +212,7 @@ [LibraryClasses.common.SEC]
+ !ifdef $(DEBUG_ON_SERIAL_PORT)
+ DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ !else
+- DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
++ DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+ !endif
+ ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+ ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+index 0e74fe94cb..de3c2f542b 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+@@ -21,7 +21,7 @@ [Defines]
+ FILE_GUID = DF934DA3-CD31-49FE-AF50-B3C87C79325F
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+- LIBRARY_CLASS = DebugLib
++ LIBRARY_CLASS = DebugLib|PEI_CORE PEIM DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER SMM_CORE DXE_SMM_DRIVER UEFI_DRIVER UEFI_APPLICATION
+ CONSTRUCTOR = PlatformDebugLibIoPortConstructor
+
+ #
+@@ -30,6 +30,7 @@ [Defines]
+
+ [Sources]
+ DebugLib.c
++ DebugLibDetect.c
+
+ [Packages]
+ MdePkg/MdePkg.dec
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+new file mode 100644
+index 0000000000..491c0318de
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+@@ -0,0 +1,52 @@
++## @file
++# Instance of Debug Library for the QEMU debug console port.
++# It uses Print Library to produce formatted output strings.
++#
++# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
++# Copyright (c) 2017, Red Hat, Inc.<BR>
++#
++# This program and the accompanying materials
++# are licensed and made available under the terms and conditions of the BSD License
++# which accompanies this distribution. The full text of the license may be found at
++# http://opensource.org/licenses/bsd-license.php.
++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++#
++#
++##
++
++[Defines]
++ INF_VERSION = 0x00010005
++ BASE_NAME = PlatformRomDebugLibIoPort
++ FILE_GUID = CEB0D9D3-328F-4C24-8C02-28FA1986AE1B
++ MODULE_TYPE = BASE
++ VERSION_STRING = 1.0
++ LIBRARY_CLASS = DebugLib|SEC
++ CONSTRUCTOR = PlatformRomDebugLibIoPortConstructor
++
++#
++# VALID_ARCHITECTURES = IA32 X64 IPF EBC
++#
++
++[Sources]
++ DebugLib.c
++ DebugLibDetectRom.c
++
++[Packages]
++ MdePkg/MdePkg.dec
++ OvmfPkg/OvmfPkg.dec
++
++[LibraryClasses]
++ BaseMemoryLib
++ IoLib
++ PcdLib
++ PrintLib
++ BaseLib
++ DebugPrintErrorLevelLib
++
++[Pcd]
++ gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort ## CONSUMES
++ gEfiMdePkgTokenSpaceGuid.PcdDebugClearMemoryValue ## CONSUMES
++ gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask ## CONSUMES
++ gEfiMdePkgTokenSpaceGuid.PcdFixedDebugPrintErrorLevel ## CONSUMES
++
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+index 74f4d9c2d6..5a1c86f2c3 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+@@ -28,21 +28,6 @@
+ //
+ #define MAX_DEBUG_MESSAGE_LENGTH 0x200
+
+-/**
+- This constructor function does not have to do anything.
+-
+- @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS.
+-
+-**/
+-RETURN_STATUS
+-EFIAPI
+-PlatformDebugLibIoPortConstructor (
+- VOID
+- )
+-{
+- return RETURN_SUCCESS;
+-}
+-
+ /**
+ Prints a debug message to the debug output device if the specified error level is enabled.
+
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+new file mode 100644
+index 0000000000..bad054f286
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+@@ -0,0 +1,31 @@
++/** @file
++ Constructor code for QEMU debug port library.
++ Non-SEC instance.
++
++ Copyright (c) 2017, Red Hat, Inc.<BR>
++ This program and the accompanying materials
++ are licensed and made available under the terms and conditions of the BSD License
++ which accompanies this distribution. The full text of the license may be found at
++ http://opensource.org/licenses/bsd-license.php.
++
++ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include <Base.h>
++
++/**
++ This constructor function does not have anything to do.
++
++ @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS.
++
++**/
++RETURN_STATUS
++EFIAPI
++PlatformDebugLibIoPortConstructor (
++ VOID
++ )
++{
++ return RETURN_SUCCESS;
++}
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+new file mode 100644
+index 0000000000..83a118a0f7
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+@@ -0,0 +1,31 @@
++/** @file
++ Constructor code for QEMU debug port library.
++ SEC instance.
++
++ Copyright (c) 2017, Red Hat, Inc.<BR>
++ This program and the accompanying materials
++ are licensed and made available under the terms and conditions of the BSD License
++ which accompanies this distribution. The full text of the license may be found at
++ http://opensource.org/licenses/bsd-license.php.
++
++ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include <Base.h>
++
++/**
++ This constructor function does not have anything to do.
++
++ @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS.
++
++**/
++RETURN_STATUS
++EFIAPI
++PlatformRomDebugLibIoPortConstructor (
++ VOID
++ )
++{
++ return RETURN_SUCCESS;
++}
+--
+2.14.3
+
diff --git a/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch b/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch
new file mode 100644
index 0000000..3833c10
--- /dev/null
+++ b/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch
@@ -0,0 +1,270 @@
+From b23853af6eb71e4c9b2e2d235b1db80541d33116 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 15 Nov 2017 18:01:00 +0100
+Subject: [PATCH 3/3] OvmfPkg: save on I/O port accesses when the debug port is
+ not in use
+
+When SEV is enabled, every debug message printed by OVMF to the
+QEMU debug port traps from the guest to QEMU character by character
+because "REP OUTSB" cannot be used by IoWriteFifo8. Furthermore,
+when OVMF is built with the DEBUG_VERBOSE bit (value 0x00400000)
+enabled in "gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel", then the
+OvmfPkg/IoMmuDxe driver, and the OvmfPkg/Library/BaseMemEncryptSevLib
+library instance that is built into it, produce a huge amount of
+log messages. Therefore, in SEV guests, the boot time impact is huge
+(about 45 seconds _additional_ time spent writing to the debug port).
+
+While these messages are very useful for analyzing guest behavior,
+most of the time the user won't be capturing the OVMF debug log.
+In fact libvirt does not provide a method for configuring log capture;
+users that wish to do this (or are instructed to do this) have to resort
+to <qemu:arg>.
+
+The debug console device provides a handy detection mechanism; when read,
+it returns 0xE9 (which is very much unlike the 0xFF that is returned by
+an unused port). Use it to skip the possibly expensive OUT instructions
+when the debug I/O port isn't plugged anywhere.
+
+For SEC, the debug port has to be read before each full message.
+However:
+
+- if the debug port is available, then reading one byte before writing
+a full message isn't tragic, especially because SEC doesn't print many
+messages
+
+- if the debug port is not available, then reading one byte instead of
+writing a full message is still a win.
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Jordan Justen (Intel address) <jordan.l.justen@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ .../PlatformDebugLibIoPort/DebugLibDetect.h | 57 ++++++++++++++++++++++
+ OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 28 +++++++++--
+ .../PlatformDebugLibIoPort/DebugLibDetect.c | 30 ++++++++++--
+ .../PlatformDebugLibIoPort/DebugLibDetectRom.c | 21 +++++++-
+ 4 files changed, 127 insertions(+), 9 deletions(-)
+ create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h
+
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h
+new file mode 100644
+index 0000000000..1f739b55d8
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h
+@@ -0,0 +1,57 @@
++/** @file
++ Base Debug library instance for QEMU debug port.
++ It uses PrintLib to send debug messages to a fixed I/O port.
++
++ Copyright (c) 2017, Red Hat, Inc.<BR>
++ This program and the accompanying materials
++ are licensed and made available under the terms and conditions of the BSD License
++ which accompanies this distribution. The full text of the license may be found at
++ http://opensource.org/licenses/bsd-license.php.
++
++ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#ifndef __DEBUG_IO_PORT_DETECT_H__
++#define __DEBUG_IO_PORT_DETECT_H__
++
++#include <Base.h>
++
++//
++// The constant value that is read from the debug I/O port
++//
++#define BOCHS_DEBUG_PORT_MAGIC 0xE9
++
++
++/**
++ Helper function to return whether the virtual machine has a debug I/O port.
++ PlatformDebugLibIoPortFound can call this function directly or cache the
++ result.
++
++ @retval TRUE if the debug I/O port device was detected.
++ @retval FALSE otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortDetect (
++ VOID
++ );
++
++/**
++ Return whether the virtual machine has a debug I/O port. DebugLib.c
++ calls this function instead of PlatformDebugLibIoPortDetect, to allow
++ caching if possible.
++
++ @retval TRUE if the debug I/O port device was detected.
++ @retval FALSE otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortFound (
++ VOID
++ );
++
++#endif
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+index 5a1c86f2c3..36cde54976 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+@@ -22,6 +22,7 @@
+ #include <Library/PcdLib.h>
+ #include <Library/BaseMemoryLib.h>
+ #include <Library/DebugPrintErrorLevelLib.h>
++#include "DebugLibDetect.h"
+
+ //
+ // Define the maximum debug and assert message length that this library supports
+@@ -61,9 +62,10 @@ DebugPrint (
+ ASSERT (Format != NULL);
+
+ //
+- // Check driver debug mask value and global mask
++ // Check if the global mask disables this message or the device is inactive
+ //
+- if ((ErrorLevel & GetDebugPrintErrorLevel ()) == 0) {
++ if ((ErrorLevel & GetDebugPrintErrorLevel ()) == 0 ||
++ !PlatformDebugLibIoPortFound ()) {
+ return;
+ }
+
+@@ -120,9 +122,11 @@ DebugAssert (
+ FileName, (UINT64)LineNumber, Description);
+
+ //
+- // Send the print string to the debug I/O port
++ // Send the print string to the debug I/O port, if present
+ //
+- IoWriteFifo8 (PcdGet16 (PcdDebugIoPort), Length, Buffer);
++ if (PlatformDebugLibIoPortFound ()) {
++ IoWriteFifo8 (PcdGet16 (PcdDebugIoPort), Length, Buffer);
++ }
+
+ //
+ // Generate a Breakpoint, DeadLoop, or NOP based on PCD settings
+@@ -265,3 +269,19 @@ DebugPrintLevelEnabled (
+ {
+ return (BOOLEAN) ((ErrorLevel & PcdGet32(PcdFixedDebugPrintErrorLevel)) != 0);
+ }
++
++/**
++ Return the result of detecting the debug I/O port device.
++
++ @retval TRUE if the debug I/O port device was detected.
++ @retval FALSE otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortDetect (
++ VOID
++ )
++{
++ return IoRead8 (PcdGet16 (PcdDebugIoPort)) == BOCHS_DEBUG_PORT_MAGIC;
++}
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+index bad054f286..81c44eece9 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+@@ -1,6 +1,6 @@
+ /** @file
+- Constructor code for QEMU debug port library.
+- Non-SEC instance.
++ Detection code for QEMU debug port.
++ Non-SEC instance, caches the result of detection.
+
+ Copyright (c) 2017, Red Hat, Inc.<BR>
+ This program and the accompanying materials
+@@ -14,9 +14,16 @@
+ **/
+
+ #include <Base.h>
++#include "DebugLibDetect.h"
++
++//
++// Set to TRUE if the debug I/O port is enabled
++//
++STATIC BOOLEAN mDebugIoPortFound = FALSE;
+
+ /**
+- This constructor function does not have anything to do.
++ This constructor function checks if the debug I/O port device is present,
++ caching the result for later use.
+
+ @retval RETURN_SUCCESS The constructor always returns RETURN_SUCCESS.
+
+@@ -27,5 +34,22 @@ PlatformDebugLibIoPortConstructor (
+ VOID
+ )
+ {
++ mDebugIoPortFound = PlatformDebugLibIoPortDetect();
+ return RETURN_SUCCESS;
+ }
++
++/**
++ Return the cached result of detecting the debug I/O port device.
++
++ @retval TRUE if the debug I/O port device was detected.
++ @retval FALSE otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortFound (
++ VOID
++ )
++{
++ return mDebugIoPortFound;
++}
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+index 83a118a0f7..b950919675 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+@@ -1,6 +1,6 @@
+ /** @file
+- Constructor code for QEMU debug port library.
+- SEC instance.
++ Detection code for QEMU debug port.
++ SEC instance, cannot cache the result of detection.
+
+ Copyright (c) 2017, Red Hat, Inc.<BR>
+ This program and the accompanying materials
+@@ -14,6 +14,7 @@
+ **/
+
+ #include <Base.h>
++#include "DebugLibDetect.h"
+
+ /**
+ This constructor function does not have anything to do.
+@@ -29,3 +30,19 @@ PlatformRomDebugLibIoPortConstructor (
+ {
+ return RETURN_SUCCESS;
+ }
++
++/**
++ Return the result of detecting the debug I/O port device.
++
++ @retval TRUE if the debug I/O port device was detected.
++ @retval FALSE otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortFound (
++ VOID
++ )
++{
++ return PlatformDebugLibIoPortDetect ();
++}
+--
+2.14.3
+
diff --git a/edk2.spec b/edk2.spec
index c1b229d..67a759e 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -2,10 +2,14 @@
%global edk2_githash 92d07e4
%global openssl_version 1.1.0e
+%if 0%{?fedora:1}
%define cross 1
+%endif
%ifarch %{ix86} x86_64
+%if 0%{?fedora:1}
%define build_ovmf_ia32 1
+%endif
%ifarch x86_64
%define build_ovmf_x64 1
%endif
@@ -25,7 +29,7 @@
Name: edk2
Version: %{edk2_date}git%{edk2_githash}
-Release: 1%{dist}
+Release: 2%{dist}
Summary: EFI Development Kit II
Group: Applications/Emulators
@@ -39,6 +43,7 @@ Source11: build-iso.sh
Source12: update-tarball.sh
Source13: openssl-patch-to-tarball.sh
+# non-upstream patches
Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
Patch0003: 0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
@@ -57,13 +62,23 @@ Patch0016: 0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
Patch0017: 0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
Patch0018: 0018-ArmVirtPkg-set-early-hello-message.patch
+# upstream backports
+Patch0019: 0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch
+Patch0020: 0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch
+Patch0021: 0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch
+
+# submitted upstream
+Patch0022: 0022-OvmfPkg-make-it-a-proper-BASE-library.patch
+Patch0023: 0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch
+Patch0024: 0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch
%if 0%{?cross:1}
# Tweak the tools_def to support cross-compiling.
-# These files are meant for customization, so this is not upstream.
+# These files are meant for customization, so this is not upstream too.
Patch0099: 0099-Tweak-the-tools_def-to-support-cross-compiling.patch
%endif
+%if 0%{?fedora:1}
#
# actual firmware builds support cross-compiling. edk2-tools
# in theory should build everywhere without much trouble, but
@@ -71,6 +86,9 @@ Patch0099: 0099-Tweak-the-tools_def-to-support-cross-compiling.patch
# (such as ppc), so lets limit things to the known-good ones.
#
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
+%else
+ExclusiveArch: x86_64 aarch64
+%endif
BuildRequires: python
BuildRequires: libuuid-devel
@@ -421,7 +439,12 @@ ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw %{buildroot}/usr/share/AAVMF/
%changelog
-* Tue Nov 14 2017 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-6
+* Fri Nov 17 2017 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-2
+- Backport patches 19-21 from RHEL
+- Add patches 22-24 to fix SEV slowness
+- Add fedora conditionals
+
+* Tue Nov 14 2017 Paolo Bonzini <pbonzini@redhat.com> - 20171011git92d07e4-1
- Import source and patches from RHEL version
- Update OpenSSL to 1.1.0e
- Refresh 0099-Tweak-the-tools_def-to-support-cross-compiling.patch